pool/umoci
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
umoci/umoci-0.3.1.tar.xz
Aleksa Sarai 514f77b460 Accepting request 531029 from home:cyphar:containers 
- Update to umoci v0.3.1. Upstream changelog:
	- Fix several minor bugs in `hack/release.sh` that caused the release artefacts
	  to not match the intended style, as well as making it more generic so other
	  projects can use it. openSUSE/umoci#155 openSUSE/umoci#163
	- A recent configuration issue caused `go vet` and `go lint` to not run as part
	  of our CI jobs. This means that some of the information submitted as part of
	  [CII best practices badging][cii] was not accurate. This has been corrected,
	  and after review we concluded that only stylistic issues were discovered by
	  static analysis. openSUSE/umoci#158
	- 32-bit unit test builds were broken in a refactor in [0.3.0]. This has been
	  fixed, and we've added tests to our CI to ensure that something like this
	  won't go unnoticed in the future. openSUSE/umoci#157
	- `umoci unpack` would not correctly preserve set{uid,gid} bits. While this
	  would not cause issues when building an image (as we only create a manifest
	  of the final extracted rootfs), it would cause issues for other users of
	  `umoci`. openSUSE/umoci#166 openSUSE/umoci#169
	- Updated to [v0.4.1 of `go-mtree`][gomtree-v0.4.1], which fixes several minor
	  bugs with manifest generation. openSUSE/umoci#176
	- `umoci unpack` would not handle "weird" tar archive layers previously (it
	  would error out with DiffID errors). While this wouldn't cause issues for
	  layers generated using Go's `archive/tar` implementation, it would cause
	  issues for GNU gzip and other such tools.
	- `umoci unpack`'s mapping options (`--uid-map` and `--gid-map`) have had an
	  interface change, to better match the [`user_namespaces(7)`][user_namespaces]
	  interfaces. Note that this is a **breaking change**, but the workaround is to
	  switch to the trivially different (but now more consistent) format.
	  openSUSE/umoci#167
	- `umoci unpack` used to create the bundle and rootfs with world
	  read-and-execute permissions by default. This could potentially result in an
	  unsafe rootfs (containing dangerous setuid binaries for instance) being
	  accessible by an unprivileged user. This has been fixed by always setting the
	  mode of the bundle to `0700`, which requires a user to explicitly work around
	  this basic protection. This scenario was documented in our security
	  documentation previously, but has now been fixed. openSUSE/umoci#181
	  openSUSE/umoci#182

	[cii]: https://bestpractices.coreinfrastructure.org/projects/1084
	[gomtree-v0.4.1]: https://github.com/vbatts/go-mtree/releases/tag/v0.4.1
	[user_namespaces]: http://man7.org/linux/man-pages/man7/user_namespaces.7.html
- Remove patch that has been applied upstream.
  - i586-0001-fix-mis-usage-of-time.Unix.patch

OBS-URL: https://build.opensuse.org/request/show/531029
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/umoci?expand=0&rev=26
2017-10-04 17:38:35 +00:00

4 lines
131 B
Plaintext
Raw Blame History

version https://git-lfs.github.com/spec/v1
oid sha256:9c92c72edeaf44b3409125e15a619f6718d9ddd29ed9539c60076b8746625440
size 341716
Reference in New Issue View Git Blame Copy Permalink